New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 653020 link

Starred by 1 user
Status: Verified
Owner:
hong_zh...@foxitsoftware.com
Last visit > 30 days ago
Closed: Jan 2017
Cc:
ranjitkan@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug



Sign in to add a comment

Undefined-shift in TIFFReadDirectory

Project Member Reported by ClusterFuzz, Oct 5 2016 
Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6435844057726976

Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  TIFFReadDirectory
  TIFFClientOpen
  tiff_open
  
Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=422937:423055

Minimized Testcase (0.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95sh1aVXvrb-sNIvQQMjcxOzc0IoBbMZMjn3vUETGAyGgAgEUgki--0HiqXUm6-rIGUyvUxabwXA81LphoRrkLx8azo_MiKMCEtniTgPSlpk20RrW4q9pSx3G03fksu5j6bRsc9nfb__74NMVMXjXgEbbKGhA?testcase_id=6435844057726976

Issue manually filed by: ranjitkan

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

Comment 1 by ranjitkan@chromium.org, Oct 5 2016

Cc: bo...@foxitsoftware.com
Components: Tools>Test>FindIt>CorrectResult
Labels: Findit-for-crash M-55 Te-Logged
Author: Bo Xu
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/fdc00a7042d912aafaabddae4d9c84199921ef23
Time: Tue Oct 28 23:03:33 2014 -0700
The CL last changed line 3757 of file tif_dirread.c, which is stack frame 0.

Author: Bo Xu
Project: chromium-pdfium
Changelist: https://pdfium.googlesource.com/pdfium.git/+/fdc00a7042d912aafaabddae4d9c84199921ef23
Time: Tue Oct 28 23:03:33 2014 -0700
The CL last changed line 466 of file tif_open.c, which is stack frame 1.

@Bo Xu: Assigning to you, Request you to please take a look into it. Please help us to reassign if not with respect to your change.

Thanks.!

Comment 2 by hong_zh...@foxitsoftware.com, Oct 5 2016

Cc: -bo...@foxitsoftware.com ranjitkan@chromium.org
Dear @ranjitkan, Bo is no longer with my organization. Please assign to hong_zhang@foxitsoftware.com who is currently in charge of what Bo was working on.

Comment 3 by ranjitkan@chromium.org, Oct 6 2016

Owner: hong_zh...@foxitsoftware.com
Status: Assigned (was: Untriaged)
Sure, Thanks for the update. Assigned as mentioned above
Project Member

Comment 4 by sheriffbot@chromium.org, Nov 22 2016

Labels: -Restrict-View-EditIssue
Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 5 by ClusterFuzz, Jan 12 2017 

ClusterFuzz has detected this issue as fixed in range 442993:443106.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6435844057726976

Fuzzer: libfuzzer_pdf_codec_tiff_fuzzer
Job Type: libfuzzer_chrome_ubsan
Platform Id: linux

Crash Type: Undefined-shift
Crash Address: 
Crash State:
  TIFFReadDirectory
  TIFFClientOpen
  tiff_open
  
Sanitizer: undefined (UBSAN)

Regressed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=422937:423055
Fixed: https://cluster-fuzz.appspot.com/revisions?job=libfuzzer_chrome_ubsan&range=442993:443106

Minimized Testcase (0.37 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95sh1aVXvrb-sNIvQQMjcxOzc0IoBbMZMjn3vUETGAyGgAgEUgki--0HiqXUm6-rIGUyvUxabwXA81LphoRrkLx8azo_MiKMCEtniTgPSlpk20RrW4q9pSx3G03fksu5j6bRsc9nfb__74NMVMXjXgEbbKGhA?testcase_id=6435844057726976

See https://chromium.googlesource.com/chromium/src/+/master/testing/libfuzzer/reproducing.md for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.
Project Member

Comment 6 by ClusterFuzz, Jan 12 2017

Labels: ClusterFuzz-Verified
Status: Verified (was: Assigned)
ClusterFuzz testcase 6435844057726976 is verified as fixed, so closing issue.

If this is incorrect, please add ClusterFuzz-Wrong label and re-open the issue.

Sign in to add a comment